Installing certificate services, Verifying directory services, Configuring automatic certificate request – HP Remote Insight Lights-Out Edition II Board User Manual
Page 68
RILOE II security 68
Every time you click Generate Certificate Request, a new certificate request is generated, even
though the RILOE II name is the same.
•
Import Certificate—If you are returning to the Create Certificate Request page with a certificate to
import, click Import Certificate to go directly to the Certificate Import page without generating a
new CR. A given certificate only works with the keys contained in the CR from which the certificate
was generated. If RILOE II is reset or another CR is generated since the CR that was used to request
the certificate generated, then another CR must be generated and a new certificate procured from
the CA.
You can create a certificate request or import an existing certificate using RIBCL XML commands. These
commands enable you to script and automate certificate deployment on RILOE II servers instead of
manually deploying certificates through the web interface. For more information, See
"CERTIFICATE_SIGNING_REQUEST" and "IMPORT_CERTIFICATE" in the "Remote Insight Command
Language (on page
CERTIFICATE_SIGNING_REQUEST and IMPORT_CERTIFICATE cannot be used with the standard
CPQLOCFG utility. However, you can use the PERL version of CPQLOCFG in combination with these
commands.
Installing certificate services
1.
Select Start>Settings>Control Panel.
2.
Double-click Add/Remove Programs.
3.
Click Add/Remove Windows Components to start the Windows Components wizard.
4.
Select the Certificate Services check box. Click Next.
5.
Click OK at the warning that the server cannot be renamed. The Enterprise root CA option is
selected because there is no CA registered in the active directory.
6.
Enter the information appropriate for your site and organization. Accept the default time period of
two years for the
Valid for
field. Click Next.
7.
Accept the default locations of the certificate database and the database log. Click Next.
8.
Browse to the c:\I386 folder when prompted for the Windows® 2000 Advanced Server CD.
9.
Click Finish to close the wizard.
Verifying directory services
Because management processors communicate with Active Directory using SSL, it is necessary to create a
certificate or install Certificate Services. You must install an enterprise CA because you will be issuing
certificates to objects within your organizational domain.
To verify that certificate services is installed:
1.
Select Start>Programs>Administrative Tools>Certification Authority.
2.
If Certificate Services is not installed an error message appears.
Configuring Automatic Certificate Request
To specify that a certificate be issued to the server:
1.
Select Start>Run, and enter
mmc
.
2.
Click Add.
3.
Select Group Policy, and click Add to add the snap-in to the MMC.
4.
Click Browse, and select the Default Domain Policy object. Click OK.
5.
Select Finish>Close>OK.